Format: 1.8
Date: Sun, 11 Feb 2018 18:35:17 +0100
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.1.24-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtcnative-1 - Tomcat native library using the apache portable runtime
Changes:
 tomcat-native (1.1.24-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-15698:
     When parsing the AIA-Extension field of a client certificate, Apache
     Tomcat Native did not correctly handle fields longer than 127 bytes. The
     result of the parsing error was to skip the OCSP check. It was therefore
     possible for client certificates that should have been rejected (if the
     OCSP check had been made) to be accepted. Users not using OCSP checks are
     not affected by this vulnerability.